
Example 56 with Attribute

use of com.github.zhenwei.core.asn1.pkcs.Attribute in project jruby-openssl by jruby.

the class PKCS10Request method setAttributes.

/**
 * Replaces the stored attribute list with the entries of the given ASN.1 set.
 *
 * <p>Each element is converted with {@code Attribute.getInstance} and passed to
 * {@code addAttribute}. No check on the element contents is visible here, so any
 * validation happens in those two calls or in the caller.
 *
 * @param attrs the ASN.1 set whose elements are read as attributes
 */
private void setAttributes(final ASN1Set attrs) {
    this.attributes = new ArrayList<Attribute>();
    // getObjects() is consumed as a raw Enumeration, so each element arrives as Object.
    for (final Enumeration elements = attrs.getObjects(); elements.hasMoreElements(); ) {
        final Object element = elements.nextElement();
        addAttribute(Attribute.getInstance(element));
    }
}
Also used : Enumeration(java.util.Enumeration) Attribute(org.bouncycastle.asn1.pkcs.Attribute)

Example 57 with Attribute

use of com.github.zhenwei.core.asn1.pkcs.Attribute in project cloudstack by apache.

the class RootCAProvider method generateCertificateUsingCsr.

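/**
 * Issues a certificate for a PEM-encoded PKCS#10 CSR via {@code CertUtils.generateV3Certificate},
 * using {@code caCertificate} and {@code caKeyPair}.
 *
 * <p>The subject and public key are taken from the CSR. The subject alternative names are the
 * caller-supplied {@code names}/{@code ips} plus any dNSName/iPAddress entries found in the CSR's
 * extensionRequest attribute.
 *
 * <p>NOTE(review): nothing in this method verifies the CSR's self-signature (proof of possession
 * of the private key) or restricts which subject/SAN values a requester may ask for; both are
 * used as submitted. Confirm that callers enforce this, or add a
 * {@code request.isSignatureValid(...)} check and a name policy before signing.
 *
 * @param csr PEM-encoded certification request
 * @param names additional DNS names to include, may be {@code null}
 * @param ips additional IP addresses to include, may be {@code null}
 * @param validityDays validity period passed to the certificate generator
 * @return a {@code Certificate} wrapping the new certificate and a single-element list holding
 *         the CA certificate
 * @throws CloudRuntimeException if the CSR cannot be read as a PEM object, or if its
 *         extensionRequest attribute carries no value
 * @throws IOException if the CSR content or an iPAddress entry cannot be decoded
 */
private Certificate generateCertificateUsingCsr(final String csr, final List<String> names, final List<String> ips, final int validityDays) throws NoSuchAlgorithmException, InvalidKeyException, NoSuchProviderException, CertificateException, SignatureException, IOException, OperatorCreationException {
    final List<String> dnsNames = new ArrayList<>();
    final List<String> ipAddresses = new ArrayList<>();
    if (names != null) {
        dnsNames.addAll(names);
    }
    if (ips != null) {
        ipAddresses.addAll(ips);
    }
    PemObject pemObject = null;
    // try-with-resources closes the reader on both the success and the failure path.
    try (PemReader pemReader = new PemReader(new StringReader(csr))) {
        pemObject = pemReader.readPemObject();
    } catch (IOException e) {
        LOG.error("Failed to read provided CSR string as a PEM object", e);
    }
    if (pemObject == null) {
        throw new CloudRuntimeException("Unable to read/process CSR: " + csr);
    }
    final JcaPKCS10CertificationRequest request = new JcaPKCS10CertificationRequest(pemObject.getContent());
    // Subject comes from the requester-supplied CSR (see the review note in the Javadoc).
    final String subject = request.getSubject().toString();
    for (final Attribute attribute : request.getAttributes()) {
        if (attribute == null) {
            continue;
        }
        if (!attribute.getAttrType().equals(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest)) {
            continue;
        }
        // A malformed CSR can carry an extensionRequest whose value set is empty. Reject it
        // explicitly rather than failing with an index error on getObjectAt(0).
        if (attribute.getAttrValues() == null || attribute.getAttrValues().size() == 0) {
            throw new CloudRuntimeException("Malformed CSR: extensionRequest attribute has no value");
        }
        final Extensions extensions = Extensions.getInstance(attribute.getAttrValues().getObjectAt(0));
        final GeneralNames gns = GeneralNames.fromExtensions(extensions, Extension.subjectAlternativeName);
        if (gns == null || gns.getNames() == null) {
            continue;
        }
        for (final GeneralName name : gns.getNames()) {
            if (name.getTagNo() == GeneralName.dNSName) {
                dnsNames.add(name.getName().toString());
            }
            if (name.getTagNo() == GeneralName.iPAddress) {
                // The octet string prints as '#' followed by hex; drop the marker and decode.
                final byte[] rawAddress = DatatypeConverter.parseHexBinary(name.getName().toString().substring(1));
                // getByAddress does no name lookup and rejects lengths other than 4 or 16 bytes.
                ipAddresses.add(InetAddress.getByAddress(rawAddress).getHostAddress());
            }
        }
    }
    final X509Certificate clientCertificate = CertUtils.generateV3Certificate(caCertificate, caKeyPair, request.getPublicKey(), subject, CAManager.CertSignatureAlgorithm.value(), validityDays, dnsNames, ipAddresses);
    return new Certificate(clientCertificate, null, Collections.singletonList(caCertificate));
}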
Also used : JcaPKCS10CertificationRequest(org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequest) Attribute(org.bouncycastle.asn1.pkcs.Attribute) ArrayList(java.util.ArrayList) IOException(java.io.IOException) Extensions(org.bouncycastle.asn1.x509.Extensions) X509Certificate(java.security.cert.X509Certificate) PemObject(org.bouncycastle.util.io.pem.PemObject) PemReader(org.bouncycastle.util.io.pem.PemReader) GeneralNames(org.bouncycastle.asn1.x509.GeneralNames) CloudRuntimeException(com.cloud.utils.exception.CloudRuntimeException) StringReader(java.io.StringReader) GeneralName(org.bouncycastle.asn1.x509.GeneralName) InetAddress(java.net.InetAddress) X509Certificate(java.security.cert.X509Certificate) Certificate(org.apache.cloudstack.framework.ca.Certificate)

Example 58 with Attribute

use of com.github.zhenwei.core.asn1.pkcs.Attribute in project LinLong-Java by zhenwei1108.

the class ESTService method simpleEnrollPoP.

/**
 * Performs a simple enroll (or re-enroll) with proof-of-possession linked to the TLS session.
 * The connection's tls-unique value is base64-encoded into the challengePassword attribute of
 * the PKCS#10 request before the request is signed and sent.
 *
 * <p>The call fails instead of enrolling when the client provider reports no trust anchors, or
 * when the connection source cannot supply a tls-unique value.
 *
 * @param reEnroll      True = use the re-enroll endpoint, false = the enroll endpoint.
 * @param builder       The request builder; a new builder is constructed from it on connection.
 * @param contentSigner The content signer used to sign the completed request.
 * @param auth          Auth mode applied to the request, may be null.
 * @return Enrollment response.
 * @throws IOException if the request fails; failures other than ESTException are rethrown
 *                     wrapped in an ESTException.
 */
public EnrollmentResponse simpleEnrollPoP(boolean reEnroll, final PKCS10CertificationRequestBuilder builder, final ContentSigner contentSigner, ESTAuth auth) throws IOException {
    if (!clientProvider.isTrusted()) {
        throw new IllegalStateException("No trust anchors.");
    }
    ESTResponse resp = null;
    try {
        URL url = new URL(server + (reEnroll ? SIMPLE_REENROLL : SIMPLE_ENROLL));
        ESTClient client = clientProvider.makeClient();
        // The listener runs once the connection exists. Only then is the tls-unique value
        // known, so the PKCS#10 request is completed, signed and encoded inside it.
        ESTSourceConnectionListener popListener = new ESTSourceConnectionListener() {

            public ESTRequest onConnection(Source source, ESTRequest request) throws IOException {
                // Fail closed: without tls-unique the request cannot be bound to this session.
                if (!(source instanceof TLSUniqueProvider) || !((TLSUniqueProvider) source).isTLSUniqueAvailable()) {
                    throw new IOException("Source does not supply TLS unique.");
                }
                TLSUniqueProvider uniqueProvider = (TLSUniqueProvider) source;
                PKCS10CertificationRequestBuilder popBuilder = new PKCS10CertificationRequestBuilder(builder);
                ByteArrayOutputStream body = new ByteArrayOutputStream();
                byte[] channelBinding = uniqueProvider.getTLSUnique();
                popBuilder.setAttribute(PKCSObjectIdentifiers.pkcs_9_at_challengePassword, new DERPrintableString(Base64.toBase64String(channelBinding)));
                // getBytes() with no argument encodes with the platform default charset.
                body.write(annotateRequest(popBuilder.build(contentSigner).getEncoded()).getBytes());
                body.flush();
                ESTRequestBuilder outgoing = new ESTRequestBuilder(request).withData(body.toByteArray());
                outgoing.setHeader("Content-Type", "application/pkcs10");
                outgoing.setHeader("Content-Transfer-Encoding", "base64");
                outgoing.setHeader("Content-Length", Long.toString(body.size()));
                return outgoing.build();
            }
        };
        ESTRequestBuilder reqBldr = new ESTRequestBuilder("POST", url).withClient(client).withConnectionListener(popListener);
        if (auth != null) {
            auth.applyAuth(reqBldr);
        }
        resp = client.doRequest(reqBldr.build());
        return handleEnrollResponse(resp);
    } catch (Throwable t) {
        // ESTException passes through untouched; everything else is wrapped with its cause.
        throw (t instanceof ESTException) ? (ESTException) t : new ESTException(t.getMessage(), t);
    } finally {
        if (resp != null) {
            resp.close();
        }
    }
}
Also used : PKCS10CertificationRequestBuilder(com.github.zhenwei.pkix.pkcs.PKCS10CertificationRequestBuilder) IOException(java.io.IOException) ByteArrayOutputStream(java.io.ByteArrayOutputStream) URL(java.net.URL) DERPrintableString(com.github.zhenwei.core.asn1.DERPrintableString)

Example 59 with Attribute

use of com.github.zhenwei.core.asn1.pkcs.Attribute in project LinLong-Java by zhenwei1108.

the class PKCS10CertificationRequest method getAttributes.

/**
 * Collects the attributes of this request whose type equals the given OID.
 *
 * @param type the attribute type OID to match.
 * @return the matching attributes in set order; a zero length array if the request has no
 *         attribute set or nothing matches.
 */
public Attribute[] getAttributes(ASN1ObjectIdentifier type) {
    final ASN1Set requestAttributes = certificationRequest.getCertificationRequestInfo().getAttributes();
    if (requestAttributes == null) {
        return EMPTY_ARRAY;
    }
    // Raw List as elsewhere in this method's source; the cast below restores the element type.
    final List matches = new ArrayList();
    final int count = requestAttributes.size();
    for (int index = 0; index < count; index++) {
        final Attribute candidate = Attribute.getInstance(requestAttributes.getObjectAt(index));
        if (candidate.getAttrType().equals(type)) {
            matches.add(candidate);
        }
    }
    return matches.isEmpty()
        ? EMPTY_ARRAY
        : (Attribute[]) matches.toArray(new Attribute[matches.size()]);
}
Also used : ASN1Set(com.github.zhenwei.core.asn1.ASN1Set) Attribute(com.github.zhenwei.core.asn1.pkcs.Attribute) ArrayList(java.util.ArrayList) ArrayList(java.util.ArrayList) List(java.util.List)

Example 60 with Attribute

use of com.github.zhenwei.core.asn1.pkcs.Attribute in project LinLong-Java by zhenwei1108.

the class PKCS10CertificationRequest method getAttributes.

/**
 * Returns every attribute carried by this request.
 *
 * @return an array with one Attribute per element of the request's attribute set, zero length
 *         if none present.
 */
public Attribute[] getAttributes() {
    final ASN1Set requestAttributes = certificationRequest.getCertificationRequestInfo().getAttributes();
    if (requestAttributes == null) {
        return EMPTY_ARRAY;
    }
    final int count = requestAttributes.size();
    final Attribute[] result = new Attribute[count];
    int index = 0;
    while (index < count) {
        // Each element is converted on access; the set itself is left as is.
        result[index] = Attribute.getInstance(requestAttributes.getObjectAt(index));
        index++;
    }
    return result;
}
Also used : ASN1Set(com.github.zhenwei.core.asn1.ASN1Set) Attribute(com.github.zhenwei.core.asn1.pkcs.Attribute)
